Following the high-profile breach of the US Office of Personnel Management (OPM), which exposed the personal data of millions of Americans, the House of Representatives’ Committee on Oversight and Government Reform issued a report on the attack in 2016. That report provided an exhaustive account of the events leading up to the breach, illustrating how a hacker posing as an employee of an OPM contractor was able to use false credentials to log into the system, install malware and create a back door into the network—a back door that was exploited for four years before it was discovered. The report makes…

As we enter the New Year, IT and security leaders have most likely been glued to revelations of major new CPU-level vulnerabilities Meltdown and Spectre, described by researchers as among the “worst ever” discovered. However, there’s arguably an even more pressing concern, not just for IT but the entire organisation: GDPR compliance. There are now just over four months to get your house in order before the sweeping new EU regulation formally comes into force on 25 May. Regulators will be given the power to levy fines of up to 4% of global annual turnover or £17m, whichever is higher….

Once an organization’s network is breached, extinguishing the flames is just the first step in a long, painful and costly journey to recovery. There’s still the wreckage to sift through, investigators to perform analyses, insurance claims and, of course, a business to reconstruct and secure. It isn’t business as usual once operations are restored; a breach can plague an organization for years. Financial Aftermath Smolders Not long after the event, the breach’s impact on stock price and earnings becomes clear. In July, just weeks after it was breached by the NotPetya malware, FedEx announced it expected a material loss associated…

With 50,000 attendees, over 1,000 breakout sessions and countless sponsors and exhibitors, the 2017 AWS re:Invent conference in Las Vegas was one of the largest events yet. With announcements like server-less containers, managed databases and bare metal compute instances immediately available as a service, enterprises see cloud adoption as a clear choice model to operate. Security to protect infrastructure and workloads in AWS was a hot topic — specifically in the realm of identity and access management. Enterprises migrating to AWS needed solutions to secure their AWS accounts, secure access to EC2 instances and secure access to their existing on-premises…

Introduction We are excited to announce that Centrify now supports CoreOS Container Optimized Linux which several of our customers are using as part of their adoption of containerization for their application deployments. But first, let’s start with an overview of how Centrify can help you protect access to these containerized platforms and the applications that run on them. As organizations embrace hybrid cloud environments moving their applications and other workloads to public clouds such as AWS, Azure and Google, application developers building custom apps inevitably rework their applications to take advantage of the hosting platform capabilities such as auto-scaling enabling…

Reduce the Risk of a Security Breach When Sharing Privileged Accounts There are partners, employees, contractors, customers and others who access or try to access your most valuable company assets on a daily basis. But each individual or each group represents a high risk if their privileges are not managed properly. Time and time again we see an employee or a contractor falling victim to a phishing attack and the compromised credentials are then used to move laterally through your environment. This can be especially damaging if the account that has been compromised is a shared account: Shared accounts are…

As we start 2018, we have continued to see major breaches across industries, only last year we witnessed at least two companies — Uber and Equifax — opt to hold off on alerting the public to their respective cybersecurity breaches and make them public at a later, more convenient date. Whether a coincidence or a trend in the making, time will tell. What we do know is that these were among a handful of security “events” that will help shape the year to come. Here are our predictions for 2018. Organizations will respond to the current threat landscape with a…

Centrify has been busy building innovative technology and powerful partnerships. This post will talk about a longtime partnership, cool tech, and a deeper level of integration. Centrify and Yubico have been partners for more than three years already and work together with joint customers, in the field, and at a corporate level. Centrify and Yubico U2F Integration To further its move towards a Zero Trust Security Model, Centrify joined the FIDO (Fast IDentity Online) Alliance and strengthened its integration with Yubico. Centrify Identity Services now provides support for the FIDO Alliance’s Universal 2nd Factor (U2F) specification, an authentication standard designed to…

Centrify CEO Tom Kemp, an industry expert in security and infrastructure software, discusses market and technology issues around the disruption occurring in the Identity and Access Management market due to the cloud, mobile and consumerization of IT trends occurring in today's IT environment.